Moderate CentOS gimp Update

Metadata

high
7.5
gimp-2.2.13-3.el5_10.i386.rpm, gimp-2.2.13-3.el5_10.src.rpm, gimp-2.2.13-3.el5_10.x86_64.rpm, gimp-2.6.9-6.el6_5.i686.rpm, gimp-2.6.9-6.el6_5.src.rpm, gimp-2.6.9-6.el6_5.x86_64.rpm, gimp-devel-2.2.13-3.el5_10.i386.rpm, gimp-devel-2.2.13-3.el5_10.x86_64.rpm, gimp-devel-2.6.9-6.el6_5.i686.rpm, gimp-devel-2.6.9-6.el6_5.x86_64.rpm, gimp-devel-tools-2.6.9-6.el6_5.i686.rpm, gimp-devel-tools-2.6.9-6.el6_5.x86_64.rpm, gimp-help-browser-2.6.9-6.el6_5.i686.rpm, gimp-help-browser-2.6.9-6.el6_5.x86_64.rpm, gimp-libs-2.2.13-3.el5_10.i386.rpm, gimp-libs-2.2.13-3.el5_10.x86_64.rpm, gimp-libs-2.6.9-6.el6_5.i686.rpm, gimp-libs-2.6.9-6.el6_5.x86_64.rpm
CVE-2012-5576, CVE-2013-1913, CVE-2013-1978
rhn.redhat.com, lists.centos.org, lists.centos.org
2013-12-03
2017-07-27 19:06
2017-04-01 19:07
2017-01-05 20:11

Description


Updated gimp packages that fix three security issues are now available for
Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

A stack-based buffer overflow flaw, a heap-based buffer overflow, and an
integer overflow flaw were found in the way GIMP loaded certain X Window
System (XWD) image dump files. A remote attacker could provide a specially
crafted XWD image file that, when processed, would cause the XWD plug-in to
crash or, potentially, execute arbitrary code with the privileges of the
user running the GIMP. (CVE-2012-5576, CVE-2013-1913, CVE-2013-1978)

The CVE-2013-1913 and CVE-2013-1978 issues were discovered by Murray
McAllister of the Red Hat Security Response Team.

Users of the GIMP are advised to upgrade to these updated packages, which
correct these issues. The GIMP must be restarted for the update to take
effect.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, then it is pending.


Affected package information

Release  Package            Patched in
5        gimp               gimp-2.2.13-3.el5_10.i386.rpm
5        gimp               gimp-2.2.13-3.el5_10.src.rpm
5        gimp               gimp-2.2.13-3.el5_10.x86_64.rpm
5        gimp-devel         gimp-devel-2.2.13-3.el5_10.i386.rpm
5        gimp-devel         gimp-devel-2.2.13-3.el5_10.x86_64.rpm
5        gimp-libs          gimp-libs-2.2.13-3.el5_10.i386.rpm
5        gimp-libs          gimp-libs-2.2.13-3.el5_10.x86_64.rpm
6        gimp               gimp-2.6.9-6.el6_5.i686.rpm
6        gimp               gimp-2.6.9-6.el6_5.src.rpm
6        gimp               gimp-2.6.9-6.el6_5.x86_64.rpm
6        gimp-devel         gimp-devel-2.6.9-6.el6_5.i686.rpm
6        gimp-devel         gimp-devel-2.6.9-6.el6_5.x86_64.rpm
6        gimp-devel-tools   gimp-devel-tools-2.6.9-6.el6_5.i686.rpm
6        gimp-devel-tools   gimp-devel-tools-2.6.9-6.el6_5.x86_64.rpm
6        gimp-help-browser  gimp-help-browser-2.6.9-6.el6_5.i686.rpm
6        gimp-help-browser  gimp-help-browser-2.6.9-6.el6_5.x86_64.rpm
6        gimp-libs          gimp-libs-2.6.9-6.el6_5.i686.rpm
6        gimp-libs          gimp-libs-2.6.9-6.el6_5.x86_64.rpm
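
One way to evaluate the "patched in" constraints above, as an added example that is not part of the original advisory or of the monitoring service's code: it compares an installed package's version-release against the patched builds listed on this page, using a simplified form of RPM's segment-wise ordering. The function names and the sample inputs are constructed for illustration; epoch, `~` and `^` handling are left out, and the input is assumed to carry no architecture suffix.

```python
import re

# Patched version and release per CentOS major release, from the table on this page.
PATCHED = {"5": ("2.2.13", "3.el5_10"), "6": ("2.6.9", "6.el6_5")}

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a, b):
    """Order two version or release strings segment by segment, as RPM does.

    Returns 1 if a is newer, -1 if b is newer, 0 if they rank equal.
    Simplified: no epoch, '~' or '^' support (assumption of this example).
    """
    segs_a, segs_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(segs_a, segs_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric outranks alphabetic
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(segs_a) > len(segs_b)) - (len(segs_a) < len(segs_b))


def is_patched(installed_nvr, release):
    """True if an installed name-version-release is at or above the patched build.

    installed_nvr is the output of
        rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' gimp
    and release is the CentOS major release, "5" or "6".
    """
    _name, version, rel = installed_nvr.rsplit("-", 2)
    want_version, want_release = PATCHED[release]
    # Version decides first; release only breaks a tie.
    return (rpmvercmp(version, want_version) or rpmvercmp(rel, want_release)) >= 0


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    for nvr, major in [("gimp-2.6.9-4.el6_1", "6"),
                       ("gimp-libs-2.2.13-3.el5_9", "5"),
                       ("gimp-2.6.9-6.el6_5", "6")]:
        print(nvr, "patched" if is_patched(nvr, major) else "NEEDS UPDATE")
```

The `el5_9` case is the one a plain string comparison gets wrong, since `"9" > "10"` lexically while RPM ranks release `3.el5_10` above `3.el5_9`.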